From 7b8de04085656d1a5c9b3d0de5771b317c0c7110 Mon Sep 17 00:00:00 2001
From: CJ_Clippy
Date: Fri, 10 Oct 2025 04:25:40 -0800
Subject: [PATCH] wait 60s for pgadmin
---
 ansible/roles/our/tasks/firewall.yml | 1 +
 ansible/roles/our/tasks/main.yml | 4 --
 ansible/roles/our/tasks/stack.yml | 63 ++++------------------------
 services/our/compose.production.yaml | 6 ++-
 4 files changed, 13 insertions(+), 61 deletions(-)
diff --git a/ansible/roles/our/tasks/firewall.yml b/ansible/roles/our/tasks/firewall.yml
index d2ae72d..6732034 100644
--- a/ansible/roles/our/tasks/firewall.yml
+++ b/ansible/roles/our/tasks/firewall.yml
@@ -8,3 +8,4 @@
 interface: enp8s0
 loop:
 - { port: "{{ our_published_port }}", proto: tcp } # our server
+ - { port: "{{ pgadmin_published_port }}", proto: tcp }
diff --git a/ansible/roles/our/tasks/main.yml b/ansible/roles/our/tasks/main.yml
index fe5f700..4f392c4 100644
--- a/ansible/roles/our/tasks/main.yml
+++ b/ansible/roles/our/tasks/main.yml
@@ -8,10 +8,6 @@
 ansible.builtin.include_tasks:
 file: filesystem.yml
-- name: Configure tailscale
- ansible.builtin.include_tasks:
- file: tailscale.yml
-
 - name: Configure docker stack app
 ansible.builtin.include_tasks:
 file: stack.yml
diff --git a/ansible/roles/our/tasks/stack.yml b/ansible/roles/our/tasks/stack.yml
index bab9b28..760800f 100644
--- a/ansible/roles/our/tasks/stack.yml
+++ b/ansible/roles/our/tasks/stack.yml
@@ -31,6 +31,12 @@
 loop:
 - compose.production.yaml
+- name: Render compose secrets
+ ansible.builtin.template:
+ mode: "0755"
+ src: compose.secrets.j2.yaml
+ dest: /etc/futureporn/our/compose.secrets.yaml
+
 - name: Deploy stack
 when: inventory_hostname == (groups['swarm'] | first)
 community.docker.docker_stack:
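Review bot: In ansible/roles/our/tasks/firewall.yml the added loop item opens `pgadmin_published_port` on `enp8s0` with no source restriction, and the main.yml hunk of this same patch stops including `tailscale.yml`, so pgAdmin appears to move from a VPN-only path to whatever network `enp8s0` faces. A database admin console reachable from an untrusted network is protected only by its login form; if the rule's module supports a source address, restrict the item to the admin network, or keep the port closed and reach pgAdmin over a tunnel. The compose file publishes `9095` literally, so `pgadmin_published_port` has to be kept equal to it by hand. At minimum label the entry like its neighbour, `- { port: "{{ pgadmin_published_port }}", proto: tcp } # pgadmin admin UI`. The task header and module name are outside the hunk.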
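Review bot: In ansible/roles/our/tasks/stack.yml the new "Render compose secrets" task writes `/etc/futureporn/our/compose.secrets.yaml` with `mode: "0755"`, which makes a file that (judging by its name and the env block removed in the next hunk) holds database, OAuth, cookie and storage credentials readable by every local user and needlessly executable. Use `mode: "0600"` and add `no_log: true` so the rendered content does not show up in `--diff` or verbose output. The task also lacks the `when: inventory_hostname == (groups['swarm'] | first)` guard that the following Deploy stack task has, so the secrets file is written on every host the role runs on rather than only where it is consumed. `compose.secrets.j2.yaml` is not among the four files in this patch, so its contents could not be reviewed here.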
@@ -38,59 +44,4 @@
 name: our
 compose:
 - /etc/futureporn/our/compose.production.yaml
- - services:
- server:
- environment:
- DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
- NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
- ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
- PATREON_API_ORIGIN: "{{ lookup('dotenv', 'PATREON_API_ORIGIN', file='../../../../.env.production') }}"
- PATREON_AUTHORIZE_PATH: "{{ lookup('dotenv', 'PATREON_AUTHORIZE_PATH', file='../../../../.env.production') }}"
- PATREON_TOKEN_PATH: "{{ lookup('dotenv', 'PATREON_TOKEN_PATH', file='../../../../.env.production') }}"
- PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../../../../.env.production') }}"
- PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../../../../.env.production') }}"
- COOKIE_SECRET: "{{ lookup('dotenv', 'COOKIE_SECRET', file='../../../../.env.production') }}"
- S3_REGION: "{{ lookup('dotenv', 'S3_REGION', file='../../../../.env.production') }}"
- S3_BUCKET: "{{ lookup('dotenv', 'S3_BUCKET', file='../../../../.env.production') }}"
- S3_APPLICATION_KEY: "{{ lookup('dotenv', 'S3_APPLICATION_KEY', file='../../../../.env.production') }}"
- S3_KEY_ID: "{{ lookup('dotenv', 'S3_KEY_ID', file='../../../../.env.production') }}"
- S3_ENDPOINT: "{{ lookup('dotenv', 'S3_ENDPOINT', file='../../../../.env.production') }}"
- CDN_ORIGIN: "{{ lookup('dotenv', 'CDN_ORIGIN', file='../../../../.env.production') }}"
- CDN_TOKEN_SECRET: "{{ lookup('dotenv', 'CDN_TOKEN_SECRET', file='../../../../.env.production') }}"
- WHISPER_DIR: "{{ lookup('dotenv', 'WHISPER_DIR', file='../../../../.env.production') }}"
- B2_APPLICATION_KEY_ID: "{{ lookup('dotenv', 'B2_APPLICATION_KEY_ID', file='../../../../.env.production') }}"
- B2_APPLICATION_KEY: "{{ lookup('dotenv', 'B2_APPLICATION_KEY', file='../../../../.env.production') }}"
- SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
- SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
- SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
- worker:
- environment:
- DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
- NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
- ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
- PATREON_API_ORIGIN: "{{ lookup('dotenv', 'PATREON_API_ORIGIN', file='../../../../.env.production') }}"
- PATREON_AUTHORIZE_PATH: "{{ lookup('dotenv', 'PATREON_AUTHORIZE_PATH', file='../../../../.env.production') }}"
- PATREON_TOKEN_PATH: "{{ lookup('dotenv', 'PATREON_TOKEN_PATH', file='../../../../.env.production') }}"
- PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../../../../.env.production') }}"
- PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../../../../.env.production') }}"
- COOKIE_SECRET: "{{ lookup('dotenv', 'COOKIE_SECRET', file='../../../../.env.production') }}"
- S3_REGION: "{{ lookup('dotenv', 'S3_REGION', file='../../../../.env.production') }}"
- S3_BUCKET: "{{ lookup('dotenv', 'S3_BUCKET', file='../../../../.env.production') }}"
- S3_APPLICATION_KEY: "{{ lookup('dotenv', 'S3_APPLICATION_KEY', file='../../../../.env.production') }}"
- S3_KEY_ID: "{{ lookup('dotenv', 'S3_KEY_ID', file='../../../../.env.production') }}"
- S3_ENDPOINT: "{{ lookup('dotenv', 'S3_ENDPOINT', file='../../../../.env.production') }}"
- CDN_ORIGIN: "{{ lookup('dotenv', 'CDN_ORIGIN', file='../../../../.env.production') }}"
- CDN_TOKEN_SECRET: "{{ lookup('dotenv', 'CDN_TOKEN_SECRET', file='../../../../.env.production') }}"
- WHISPER_DIR: "{{ lookup('dotenv', 'WHISPER_DIR', file='../../../../.env.production') }}"
- B2_APPLICATION_KEY_ID: "{{ lookup('dotenv', 'B2_APPLICATION_KEY_ID', file='../../../../.env.production') }}"
- B2_APPLICATION_KEY: "{{ lookup('dotenv', 'B2_APPLICATION_KEY', file='../../../../.env.production') }}"
- SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
- SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
- SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
- pgadmin:
- environment:
- PGADMIN_DEFAULT_EMAIL: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_EMAIL', file='../../../../.env.production') }}"
- PGADMIN_DEFAULT_PASSWORD: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_PASSWORD', file='../../../../.env.production') }}"
- tailscale-pgadmin:
- environment:
- TS_AUTHKEY: "{{ lookup('dotenv', 'TS_AUTHKEY', file='../../../../.env.production') }}"
+ - /etc/futureporn/our/compose.secrets.yaml
diff --git a/services/our/compose.production.yaml b/services/our/compose.production.yaml
index bdd92bd..798fd7c 100644
--- a/services/our/compose.production.yaml
+++ b/services/our/compose.production.yaml
@@ -73,15 +73,19 @@ services:
 healthcheck:
 test: ["CMD", "nc", "-z", "127.0.0.1", "5050"]
 interval: 5s
- retries: 10
+ retries: 3
+ start_period: 60s
 ports:
 - target: 5050
 published: 9095
 protocol: tcp
 mode: ingress
+ volumes:
+ - pgadmin_data:/var/lib/pgadmin
 volumes:
 pgdata:
+ pgadmin_data:
 networks:
 default:
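Review bot: In services/our/compose.production.yaml the new `pgadmin_data:/var/lib/pgadmin` mount makes pgAdmin's configuration database persistent, which changes how its credentials behave: `PGADMIN_DEFAULT_EMAIL` and `PGADMIN_DEFAULT_PASSWORD` are only applied when that directory is initialised, so rotating the password in `.env.production` will no longer change the login. The volume also now stores the user accounts and saved server definitions, so it should be treated as sensitive in backups. No volume driver is visible in the hunk, so this is presumably a node-local volume and a rescheduled task on another swarm node would start with an empty one. A comment above the mount would record this, e.g. `# persists pgadmin4.db; PGADMIN_DEFAULT_* only takes effect on first start with an empty volume`. The pgadmin service definition starts above the hunk.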